Nordic nation suspects Chinese, Russian intel services behind attack.

Citing unnamed sources, Finnish television channel MTV3 reports (Google Translate) that the Finnish Ministry of Foreign Affairs was penetrated by malware over a period of four years. The malware specifically targeted communications between Finland and the European Union. MTV3 adds that the breach was discovered earlier this year and that the Finnish government suspects Russian or Chinese intelligence agencies to be behind the breach.

Ari Uusikartan, the director general of the information and documentation division at Finland’s Ministry for Foreign Affairs, told reporters (Google Translate) that the breach appears to involve an unknown piece of malware "similar to, and more sophisticated than Red October" malware, but that it was not Red October itself.

Earlier this year, Ars reported how Red October is the “Swiss Army knife of malware.”

"According to our knowledge, never before in the history of ITSec has a cyber-espionage operation been analyzed in such deep detail, with a focus on the modules used for attack and data exfiltration," Kaspersky researchers wrote in January 2013.

The Nordic country’s Computer Emergency Response Team (CERT-FI) simply pointed to Finnish media coverage on the event, noting that the Finnish Security Intelligence Service is investigating.

Foreign Minister Erkki Tuomioja told Finnish media (Google Translate) that the country has informed the European Union about the attack. Finland is not, Tuomioja added, the only country affected by the hack.

32 Reader Comments

Does this mean that we're getting better at detecting the kinds of malware like these? Given the amount of time, skill, money, and complexity it takes to develop these things I can't imagine they're very easy to spot.

Considering how many of the recently-discovered ones have been reported to have "been in the wild" so long, the increase of these kinds of malware stories is pretty fascinating (and slightly scary). Maybe we're just now running into ones that were developed a few years ago?

Getting malware onto a system can take quite a long time, and the modules within that malware exfiltrate data at such a slow rate (so as to try to evade detection) that yes, in fact, the more sophisticated malware being discovered was developed quite a while ago.

Maybe the NSA detected it while eavesdropping and let the EU know, and they let Finland know.

Our eavesdropping is a lot more effective, it seems. No one knows until a traitor tells the world.

Russia and China are still learning because people discover their taps all the time.

Makes me wonder about Stuxnet, if maybe it was intentional that the US "let" the Iranians figure out about it. Or maybe it was our cyber warning not to mess with us. Or maybe it was an NSA intern who compiled the thing and set it loose?

Actually, a reader (native Finnish speaker) informed me that my translation was wrong. In fact it was Finland that informed the EU, not the other way around.

Here is a report in English from YLE (public broadcaster, equivalent of the BBC).

Is there any compelling reason to think that the NSA _can't_ write espionage malware that looks Chinese/Russian? Seems like doing that would deflect a lot of the international criticism that the US is getting lately.

Or the other way around. Why is everyone blaming the NSA for everything?

Go ask any datacenter, hosting company, network administrator or systems admin today which are the most blocked IPs and where most attacks on their networks come from. Yeah, you guessed it: China and Russia.

Some have even blocked the whole IP ranges of these countries because 90% of the traffic they get from them is malicious.

Of course those are not government hacks, but the fact is still there that most traffic coming from some countries is spam, port scans, malware, exploit attempts, etc.

To be honest, how can anybody really know that attacks coming from Russia aren't coming from the NSA? They most likely aren't, but we really have no way to know for sure.

That would assume the recipient of such malware was that stupid... I think Finland's Foreign Ministry is far more competent than that. They wouldn't be pointing the finger in the direction of Russia or China if they just had some agenda-based narrative to yap about instead of a decent reason to give the report they have.

Quick update (as reported by Helsingin Sanomat on Friday morning):
- Foreign minister Tuomioja claims no sensitive materials were leaked, as the breached network didn't contain any.
- The authorities discovered the security breach after receiving a tip from an undisclosed source.
- The affair was kept secret in order to apply countermeasures.
- Suojelupoliisi (the Finnish Security Intelligence Service) is investigating the affair as aggravated espionage.
- The parliamentary Foreign Affairs Committee wants clarification why they were kept in the dark regarding the incident.

Local reactions? The results of a brief and informal opinion poll (people at the workplace coffee table) might be summed up as "Meh, s**t happens."

Sorry to hear about that Finland. But hey, look on the bright side, at least it's not us this time!

Yours truly,
The NSA.

It might have been the NSA. Or China or Russia. We don't know yet. The investigation is still ongoing and Tuomioja & co refused to name any suspects. Talk about China and Russia is just speculation from the newspapers.